What to do after Microsoft Identity Manager? (with infographic) (2024)

MIM (formerly Forefront Identity Manager, and Identity Lifecycle Manager before that) is a widely used service for managing user lifecycles and access rights in Active Directory.

Right now, it is slowly moving into a well-earned retirement phase. But don’t worry, it’s not the end of the world. There are tools you can use in its place, and there’s still time to move to another service.

Is Microsoft Identity Manager reaching the end of life?

In simple terms, yes. It is no longer actively developed by Microsoft, although mainstream support for MIM will be available till January 2029. Still, for many organisations, it is time to look for a replacement.

Microsoft has turned its focus to Azure AD. Can it really replace MIM entirely? As we consultants like to say: it depends. Let’s have a look at what you can use to manage identities and up your IAG game.

What does Microsoft Identity Manager do?

MIM can synchronise your Active Directory with multiple external systems to centralise the management of user accounts. Its key features include:

  1. Identity management – including user on- and offboarding, attribute synchronisation, and self-service profile management
  2. Group management – for manual, manager-based, and dynamic groups, featuring self-service workflows and access request & approval process
  3. Credential management – with self-service functionalities, MFA, and password synchronisation
  4. Policy management – covering authentication, authorisation, codeless provisioning, and a SharePoint-based admin portal.

This is just a snapshot of its capabilities. MIM also facilitates RBAC (with BHOLD), PAM, certificate management and reporting, and many other functionalities. For on-premises environments, it has been the cornerstone of Identity and Access Management for a very long time.

Do you need Microsoft Identity Manager?

There are some scenarios where MIM still performs very well. This is especially true for environments based largely on-premises. Example use cases include:

  • Frequent user on/offboarding, e.g. in hospitality or retail industries
  • Automating Microsoft 365 license management
  • Helping with MS Teams management
  • Facilitating quick synchronisation during mergers & acquisitions (possible with the addition of Azure B2B to allow guests to a tenant)
  • Office 365 contact synchronisation between tenants
  • On-premises synchronisation from AD to other directories and applications
  • The need for compliance and meeting audit requirements.

You can also build custom workflows and connectors to integrate the platform with internal systems, such as Cisco Unified Communications Manager.

What to replace MIM with?

Does it mean MIM is the only option for identity management? Not necessarily. Especially considering that MIM will soon be decommissioned, it is a good time to start looking at alternatives.

The closest replacement is, of course, Azure AD. It has a range of features that enable simple identity and access management for internal and external users. If you’ve got a cloud-first or hybrid environment, it’s the perfect choice.

Disadvantages of using MIM

Some important functionalities are not available in Microsoft Identity Manager 2016. These include:

  • Reporting and auditing
  • Passwordless authentication
  • Compliance and governance tools
  • Access review and Entitlement Management.

If you’re looking to upgrade your identity and access governance, use Azure AD to plug these gaps.

Disadvantages of using Azure AD (Microsoft Entra ID)

Particularly for on-premises environments, there are some features in MIM that are currently not available in Azure AD. They include:

  • Role-Based Access Control (RBAC) for on-premises resources including access management, role mining, segregation of duties, attestation campaigns, and reporting
  • Privileged Access Management (PAM) for on-premises AD DS environment with just-in-time access to security groups
  • Certificate Management for managing the complete life cycle of smart cards and software-based certificates
  • Audit Reports covering identity and access governance including identity attribute change log, role management, and access attestation.

Pro tip: You could build your own solution to cover currently missing functionalities, but that can be costly and time-consuming. There are already services on the market, such as Omada (disclaimer: they are our partner in the IAM space), Saviynt or CyberArk. They have the necessary integrations available out-of-the-box, so you may be able to take advantage of them instead. They are fully compatible with MIM, so you could use them during the transition period.

What’s the strategy for moving on from Microsoft Identity Manager 2016?

MIM was great for on-premises environments, but with more and more organisations moving towards the cloud, they’re starting to look for cloud-based replacements. As we’ve indicated, Azure AD is the closest substitute. By adding third-party tools you can easily replace all of MIM’s features, and add many new ones.

Quick wins:

  1. Onboard Omada Identity and conduct access reviews for critical business applications and systems
  2. Follow Omada's Identity Process+ to introduce essential identity governance functionalities, like onboarding, transfer, offboarding, and access requests
  3. Define contexts and resource assignment policies for default access and standard permissions
  4. Migrate existing MIM connectors to Omada Identity.

Here are the first steps to developing your MIM migration roadmap:

  1. Review your MIM implementation. What are the key functionalities you use and need to migrate?
  2. Reduce the dependency on MIM 2016 infrastructure by implementing the quick wins listed above
  3. Consider Azure AD Identity Governance for simple governance of your cloud resources
  4. Enable SSO for on-premises and SaaS applications with Azure AD SSO
  5. Evaluate Omada Identity for hybrid access governance. Start by introducing the key elements alongside your MIM implementation.

Pro tip: To see which services to replace your MIM functionalities with, check out our dedicated guide below. Note that all included functionalities are available in Azure AD natively and no additional customisation is required.

In need of MIM platform support? Get in touch and we'll help you out.

Article information

Author: Errol Quitzon
